Separate "private networks" for VMs

andy77

Well-Known Member
Jul 6, 2016
248
13
58
40
Hello @ all,

I want to configure private networks for VMs, so that certain VMs can communicate directly with each other on a private IP.

My first though was to create multiple virtual bridges "vmbr1" to "vmbr10" to have for example 9 different virtual private networks.
Would this be the correct way?

Thx for any hint
Andy
 
Hmm, well exactly this is the question: What to use, bridges or VLANs?

What is the main difference (benefits)?

Would VLANs work cluster wide? I assume they do.
 
VLANs work as long as there are switches that can handle them. The difference is that you need to create the bridges first to use them, for VLAN you just have to put in your IDs for the VM and are good to go. The dialog for setting this for a VM is the same, the one on top of the other.
 
Hello @ all,

I want to configure private networks for VMs, so that certain VMs can communicate directly with each other on a private IP.

My first though was to create multiple virtual bridges "vmbr1" to "vmbr10" to have for example 9 different virtual private networks.
Would this be the correct way?

Thx for any hint
Andy
Yes, this is what i did this days. I added a new bridge with 10.0.1.1/24

Code:
iface vmbr1 inet manual
        address 10.0.1.1/24
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        post-up /sbin/iptables -t nat -A POSTROUTING -o vmbr0 -j MASQUERADE
        pre-down /sbin/iptables -t nat -D POSTROUTING -o vmbr0 -j MASQUERADE

i then added the interface to each vm and assigned a local ip
Code:
allow-hotplug ens19
iface ens19 inet static
        address 10.0.1.100/24 #and so on for the others vms
        gateway 10.0.1.1
 
@LnxBil
OK, so VLANs work node wide out of the box (without additional network config), right?
And for cluster wide functionality, the Switches needs to be able to handle VLANs.

@zeta
Thank you for your detailed config. So you allow the internal network to route to the public, right?
 
@LnxBil
OK, so VLANs work node wide out of the box (without additional network config), right?
And for cluster wide functionality, the Switches needs to be able to handle VLANs.

@zeta
Thank you for your detailed config. So you allow the internal network to route to the public, right?
Yes, because i have a VM that has no public ip so i had to configure it in a way that it can receive updates anyway
 
Would it be a problem to define multiple vmbrs with the same IP range (for example 192.168.1.254/24)
And when I set a vmbr, I have to define a IP address. What is this address for, can I use this one in VMs?

Regards
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!